
Have you ever downloaded an app from an unfamiliar website? Clicked on a link a friend forwarded to your smartphone? Typed your password while you were in line at the coffee place?

If you answered yes to any of the above, you were asking for trouble. And you probably did not realise just how close you came to being another victim of a security breach.

From a security perspective, mobile devices are far riskier than desktops or laptops. And most people frequently - and unknowingly - do things on their mobile devices that make them susceptible to fraud, identity theft, data loss, and all kinds of other nasty things.

Grab the reins and take back control. Here are five tips that will help keep you safe in mobilespace and empower you to do more on your mobile gismos, with greater peace of mind.

1. Know where danger lurks

"Malware", or malicious software, and viruses have moved to the web - but do you know where you are most likely to pick up an infection?

High-risk places that mobile users frequently visit include:

Computers/Technology: When you browse computer/technology-related sites you're at high risk. An example: one of the first offers of an Android version of Skype was actually malware.

Web advertisements: Cybercriminals have been refining "malvertising" for mobilespace. Recently, for example, an ad for an Angry Birds download was a malicious app that actually made premium SMS calls and then billed people without their knowledge.

Entertainment sites: Games and gambling sites are popular destinations for mobile users and equally popular for purveyors of malware, "phishing" exploits, and phony downloads such as PDFs or browser updates.

Search engines: As search engines become more widely used in mobilespace, search engine poisoning (SEP) tactics are becoming increasingly prevalent.

2. Click with care

The mobile webscape is filled with ads, offers, promotions, and weblinks - and there is no easy way to tell which ones are legit and which are phony. You cannot even tell by looking at the URL. For example, the Yammer mobile app has a different URL than the web-based version, but both are legitimate.

Many tempting offers even duplicate the look and feel of legitimate sites - but are designed to deliver malicious payloads that steal your personal information. So in general, be careful what you click. If you are not sure where it goes, do not go there.

3. Beware of shoulder surfing

When you type your password on a desktop computer or a laptop, usually the characters you type are masked with asterisks, or dots, or something similar.

But when you type your password using a mobile device, many times the characters are not only visible but highlighted. That's because mobile screens are small and people want to confirm that they've entered the password correctly before they proceed. And that is why shoulder surfing is an increasingly popular low-tech tactic used by identity thieves.

4. Stick to the app store

The mobile web is loaded with offers of free app downloads. Most are legitimate. But some are not. Some are so-called "drive-by download" exploits that embed viruses, spyware, or malware onto your mobile device.

How can you tell the difference? For all practical purposes, you can't. The URL may look suspicious but may actually be legitimate; it may look legitimate and actually be fake. The best policy for apps: avoid downloading from sites that are mobile-only or that are littered with ads. In general, download apps only from trusted app stores. After all, you wouldn't buy Microsoft Office from a back alley store in the bad part of town.

5. Don't swallow phish bait

"Phishing" scams try to trick people into surrendering private information by pretending to be a legitimate enterprise. For example, you get an email that looks like it is from eBay, claiming that your account is about to be suspended unless you click a link and update your credit card information.

As a tactic, phishing is far more productive than spam in the mobile arena. So what can you do to protect yourself?

First, be informed. Banks, credit card companies, and other legitimate institutions will never communicate with you and request information that way. If you are unsure, call them directly.

The same goes for warnings of an impending "computer crash" that will happen if you don't click, or claims that you've won money, or that your password has been compromised. Be sceptical and don't bite.

Steve Schoenfeld is Senior Vice President of Products at Blue Coat
